The Lawbytes podcast resumes for another season with a special episode on privacy as I’m joined on the podcast by Daniel Therrien, the Privacy Commissioner of Canada. Commissioner Therrien recently used Data Privacy Day to deliver a speech at the University of Ottawa focused on privacy reforms and a new consultation on AI and privacy. He joined me on the podcast to talk about his term as commissioner, the major challenges he’s faced, the state of Canadian privacy law, and the prospect for reform. Following our conversation, the podcast features audio of the Commissioner’s bilingual speech at the law school.
Post Tagged with: "opc"
A Failure of Enforcement: Why Changing the Law Won’t Fix All That Ails Canadian Privacy
Canadian Privacy Commissioner Daniel Therrien renewed his call for an overhaul of Canada’s private-sector privacy legislation this week. Responding to a national data consultation launched by Innovation, Science and Economic Development Minister Navdeep Bains, Therrien recommended enacting a new law that would include stronger enforcement powers, meaningful consent standards and the extension of privacy regulations to political parties. My Globe and Mail op-ed argues that while the need for a modernized privacy statute has been evident for some time, Canada’s privacy shortcomings are not limited to a decades-old legal framework struggling to keep pace with technological change.
Do You Consent? Four Ways to Strengthen Digital Privacy
Privacy laws around the world may differ on certain issues, but all share a key principle: the collection, use and disclosure of personal information requires user consent. The challenge in a digital world where data is continuously collected and can be used in a myriad of previously unimaginable ways is how to ensure that the consent model still achieves the objective of giving the public effective control over their personal information.
The Office of the Privacy Commissioner of Canada released a discussion paper earlier this year that opened the door to rethinking how Canadian law addresses consent. The paper suggests several solutions that could enhance consent (greater transparency in privacy policies, technology-specific protections), but also raises the possibility of de-emphasizing consent in favour of removing personally identifiable information or establishing “no-go” zones that would regulate certain uses of information without relying on consent.
My weekly technology law column (Toronto Star version, homepage version) notes that the deadline for submitting comments concludes this week and it is expected that many businesses will call for significant reforms to the current consent model, arguing that it is too onerous and that it does not serve the needs of users or businesses. Instead, they may call for a shift toward codes of practice that reflect specific industry standards alongside basic privacy rules that create limited restrictions on uses of personal information.
Why the Privacy Commissioner Doesn’t Need Legal Reforms To Require Transparency Reports
Privacy Commissioner of Canada Daniel Therrien was in the news this week as he expressed concern with the evasiveness of Canada’s spy agencies and the ongoing refusal of some of Canada’s telecom companies (namely Bell) to issue transparency reports. I’ll have more to say about privacy and government agencies in my technology law column next week, but on the issue of telecom transparency reports, I believe that Therrien already has the necessary legal mandate to act now. Therrien urged all telecom companies to release transparency reports, noting:
“I think Canadians are telling us, first of all, that they would much prefer that data be shared from telcos to government only with a warrant, with a court authorization. But when that does not happen, Canadians expect that there be transparency…frankly, if there’s not more progress I will continue to call for legislation on this issue.”
I wrote about why Canada’s telecom transparency reporting still falls short late last month, emphasizing that a non-binding approach to transparency reporting has been a failure.
Secret Memo Reveals RCMP Records on Requests for Subscriber Data “Inaccurate and Incomplete”
Last fall, Daniel Therrien, the government’s newly appointed Privacy Commissioner of Canada, released the annual report on the Privacy Act, the legislation that governs how government collects, uses, and discloses personal information. The lead story from the report was the result of an audit of the Royal Canadian Mounted Police practices regarding warrantless requests for telecom subscriber information.
The audit had been expected to shed new light into RCMP information requests. Auditors were forced to terminate the investigation, however, when they realized that Canada’s national police force simply did not compile the requested information. When asked why the information was not collected, RCMP officials responded that its information management system was never designed to capture access requests.
While that raised serious concerns – the RCMP has since promised to study mechanisms for reporting requests with recommendations expected in April – my weekly technology law column (Toronto Star version, homepage version) reports that documents recently obtained under the Access to Information Act reveal that the publicly released audit results significantly understated the severity of the problem. Indeed, after the draft final report was provided to the RCMP in advance for comment, several of the findings were toned down for the public release.
Recent Posts
The Law Bytes Podcast, Episode 200: Colin Bennett on the EU’s Surprising Adequacy Finding on Canadian Privacy Law 
Debating the Online Harms Act: Insights from Two Recent Panels on Bill C-63 
The Law Bytes Podcast, Episode 199: Boris Bytensky on the Criminal Code Reforms in the Online Harms Act 
AI Spending is Not an AI Strategy: Why the Government’s Artificial Intelligence Plan Avoids the Hard Governance Questions 
The Law Bytes Podcast, Episode 198: Richard Moon on the Return of the Section 13 Hate Speech Provision in the Online Harms Act
